The security configuration is the application's main entry point for managing API security: it determines which API endpoints are allowed and which are restricted.
/**
 * WebFlux security setup: builds the single {@link SecurityWebFilterChain} that decides which
 * exchanges pass without authentication and which require an authenticated caller.
 *
 * <p>Authentication itself is delegated to the injected {@code AuthenticationManager} and
 * {@code SecurityContextRepository}; their implementations are not shown here.
 *
 * <p>NOTE(review): from Spring Security 6.0 onward {@code @EnableWebFluxSecurity} no longer
 * implies {@code @Configuration}; confirm this class is registered as a configuration class on
 * the version in use.
 */
@EnableWebFluxSecurity
public class SecurityConfig {

    /**
     * Path patterns reachable without authentication.
     *
     * <p>Sign-up and login must be open so a caller can obtain credentials. The
     * {@code /webjars/**} and {@code /v3/api-docs/**} patterns presumably serve the API
     * documentation UI and OpenAPI description; leaving them open publishes the full API surface
     * to unauthenticated clients, so consider restricting them outside development.
     */
    private static final String[] WHITELISTED_AUTH_URLS = {
        "/auth/v1/signup",
        "/auth/v1/login",
        "/webjars/**",
        "/v3/api-docs/**"
    };

    // Verifies the credentials carried by a request; implementation supplied elsewhere.
    @Autowired
    private AuthenticationManager authenticationManager;

    // Loads the security context for each exchange; implementation supplied elsewhere.
    @Autowired
    private SecurityContextRepository securityContextRepository;

    /**
     * Assembles the filter chain applied to every incoming exchange.
     *
     * @param http the security builder provided by Spring
     * @return the configured filter chain
     */
    @Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
        // Failures answer with a bare status code: 401 when the caller is not authenticated,
        // 403 when an authenticated caller is not allowed. No body or challenge header is set.
        http.exceptionHandling()
            .authenticationEntryPoint((exchange, failure) -> Mono.fromRunnable(
                () -> exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED)))
            .accessDeniedHandler((exchange, denied) -> Mono.fromRunnable(
                () -> exchange.getResponse().setStatusCode(HttpStatus.FORBIDDEN)));

        // CSRF protection is switched off. That is only sound when requests are not
        // authenticated by a credential the browser attaches on its own (e.g. a session cookie).
        // NOTE(review): confirm securityContextRepository reads an explicit header token.
        http.csrf().disable();
        http.formLogin().disable();

        http.authenticationManager(authenticationManager);
        http.securityContextRepository(securityContextRepository);

        // Rules are evaluated in declaration order; the final rule makes authentication the
        // default for every path that is not explicitly opened above it.
        http.authorizeExchange()
            // Every OPTIONS request is let through on any path, presumably for CORS preflight.
            .pathMatchers(HttpMethod.OPTIONS).permitAll()
            .pathMatchers(WHITELISTED_AUTH_URLS).permitAll()
            .anyExchange().authenticated();

        return http.build();
    }
}
https://medium.com/@BPandey/building-reactive-backend-app-with-spring-boot-webflux-fc6610e4a747